I agree... but the power that be have decided!!!
I think it's stupid,
but a mere mortal....
You do it, the server gets owned and you get dismissed for incompetence. You don't do it, you get a warning for disobediance.
Which is better? --------------------------------------------------- e-mail boss with reasons for not doing it - keep copy for self. Make sure you get order to do it in some written form (this normally makes tham wake up to their stupidity). Do work as instructed. If the server gets owned and you get fired then a tribunal will be on your side for 'constructive dismissal' and you'll get a few pennies for a nice self-training course. --------------------------------------------------- On the subject of passwords there is almost no safe/achievable way of doing this. If theres money involved I'd ensure one to one communication via snail mail with signatures - get them to agree to your site terms and conditions before you let them use it - if you are providing passwords. Or let them register themselves but again you'll need paper proof of their ID before you match them to any 'account'. Digital Sigs are now legal in the EU but I doubt if anyone uses it yet Tom
__________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com